Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2017-2637

Published: 26/07/2018 Updated: 12/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Openstack

Vulnerability Summary

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat openstack 7.0

redhat openstack 10

redhat openstack 9

redhat openstack 8

Vendor Advisories

Red Hat: Important: Red Hat OpenStack Platform director security update
Synopsis Important: Red Hat OpenStack Platform director security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: Red Hat OpenStack Platform director security update
Synopsis Important: Red Hat OpenStack Platform director security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scor ...
Red Hat: Important: Red Hat OpenStack Platform director security update
Synopsis Important: Red Hat OpenStack Platform director security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenStack Platform 70 (Kilo)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scorin ...
Red Hat: Important: Red Hat OpenStack Platform director security update
Synopsis Important: Red Hat OpenStack Platform director security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: CVE-2017-2637
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration Libvirtd is deployed by default (by director) listening on 0000 (all interfaces) with no-authentication or encryption Anyone able to make a TCP connection to any compute host IP address, including 127001, other loo ...

References

CWE-306https://wiki.openstack.org/wiki/OSSN/OSSN-0007https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2637https://access.redhat.com/solutions/3022771https://access.redhat.com/errata/RHSA-2017:1546https://access.redhat.com/errata/RHSA-2017:1537https://access.redhat.com/errata/RHSA-2017:1504https://access.redhat.com/errata/RHSA-2017:1242http://www.securityfocus.com/bid/98576https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2017:1242
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook